#!/bin/bash
#description: Linux system initialization
. /etc/init.d/functions

# First three octets of the /24 network that the static address is built in.
NET=192.168.201
# Interface whose current address is inspected below.
INT=eth0
# Sixth field of line 2 of the ifconfig output, split on runs of spaces and
# dots; with the classic "inet addr:a.b.c.d" layout that is the last octet of
# the interface's current IPv4 address.
# NOTE(review): the value is empty or wrong if ifconfig prints another layout
# or the interface has no address - confirm on the target image.
HOST=$(ifconfig ${INT}|awk -F "[ .]+" 'NR==2{print $6}')
# Resolver address written into the interface configuration by DefineIP.
DNS=202.96.209.133

# Address and port of the internal HTTP server that serves the repo file and
# the EPEL release RPM used by Yum.
# NOTE(review): plain HTTP - nothing fetched from it is integrity-protected in
# transit.
HTTPIP=192.168.201.10
Port=80
#Centos-6.repo and epel-6.repo on /var/www/cobbler/repo_mirror
#wget http://mirrors.aliyun.com/repo/Centos-6.repo
#https://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm

function Result(){
        # Print an init-style status line for the step named in $1.
        # Must be called directly after the command being reported, because
        # the first thing it does is capture that command's exit status.
        local status=$?
        local outcome=/bin/false
        if [ "${status}" -eq 0 ];then
          outcome=/bin/true
        fi
        action "$1" "${outcome}"
}

#Define Static IP
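function DefineIP(){
	# Write a static IPv4 configuration for ${INT}, reusing the last octet the
	# interface currently holds (${HOST}) inside the ${NET}.0/24 network.
	# Globals: INT, NET, HOST, DNS (read)
	# Returns: 1, without touching the file, when HOST is not a usable octet.
	local cfg="/etc/sysconfig/network-scripts/ifcfg-${INT}"

	# HOST is scraped from ifconfig output. An empty or non-numeric value would
	# produce a broken IPADDR and can cut the host off the network the next
	# time the interface is restarted, so refuse to write in that case.
	if ! [[ "${HOST}" =~ ^[0-9]{1,3}$ ]] || (( 10#${HOST} < 1 || 10#${HOST} > 254 )); then
		echo "DefineIP: cannot derive host octet for ${INT} (got '${HOST}')" >&2
		return 1
	fi

	# The heredoc body is left-aligned so the generated file has no leading
	# tabs. The file name and NAME follow ${INT} instead of a fixed eth0, and
	# the resolver uses DNS1, the key the RHEL/CentOS network scripts read
	# (a bare DNS= entry is ignored).
	cat >"${cfg}" <<EOF
DEVICE=${INT}
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
IPADDR=${NET}.${HOST}
NETMASK=255.255.255.0
GATEWAY=${NET}.10
DNS1=${DNS}
IPV6INIT=no
NAME="System ${INT}"
EOF
	Result "configure ${INT}"
}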

#Define Yum source

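function Yum(){
	# Point yum at the internal mirror: replace CentOS-Base.repo with the copy
	# served by ${HTTPIP}:${Port}, install epel-release from the same server
	# when no epel.repo exists yet, then rebuild the yum cache.
	# Globals: HTTPIP, Port (read)
	# Returns: status of the final cache rebuild.
	local DIR="/etc/yum.repos.d"
	local mirror="http://${HTTPIP}:${Port}/cobbler/repo_mirror"
	local staged rc=0

	# NOTE(security): both downloads travel over plain HTTP and nothing here
	# checks a digest or signature, so whoever can answer for ${HTTPIP} decides
	# which repositories and packages this host trusts. Serve the mirror over
	# HTTPS or compare against a known checksum before installing.

	# Stage the download next to its destination so a failed or partial
	# transfer never replaces (or removes) the working repo file. Neither the
	# staged name nor the dated backup ends in .repo, so yum ignores both.
	if staged=$(mktemp "${DIR}/CentOS-Base.repo.XXXXXX") \
		&& wget -O "${staged}" "${mirror}/Centos-6.repo"; then
		if [ -f "${DIR}/CentOS-Base.repo" ]; then
			mv "${DIR}/CentOS-Base.repo" "${DIR}/CentOS-Base.repo.ori_$(date +%F)" || rc=1
		fi
		# mktemp creates the file 0600; repo files are normally world-readable.
		chmod 644 "${staged}" && mv "${staged}" "${DIR}/CentOS-Base.repo" || rc=1
	else
		rc=1
		[ -n "${staged}" ] && rm -f -- "${staged}"
	fi

	if [ ! -f "${DIR}/epel.repo" ];then
		yum -y install "${mirror}/epel-release-latest-6.noarch.rpm" || rc=1
	fi

	# Result reads $? of the command right before it, so hand it the combined
	# outcome of every step rather than only the last one.
	[ "${rc}" -eq 0 ]
	Result "Config Yum Source"
	yum clean all && yum makecache
}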

#Define Hide System version number 
function HideVersion(){
	# Empty the login banner files so they no longer show the system version.
	# Files that do not exist are left alone (they are not created).
	local banner
	for banner in /etc/issue /etc/issue.net; do
		[ -f "${banner}" ] && : >"${banner}"
	done
}
#Define open file 
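function Openfiles(){
	# Raise the open-file limit (soft and hard) to 65535 for all users by
	# adding one line to limits.conf.
	# The line is appended only when it is not already there, so running the
	# script again does not pile up duplicate entries. A missing limits.conf
	# is reported as a failure.
	local conf="/etc/security/limits.conf"
	local entry="* - nofile 65535"
	if [ -f "${conf}" ]; then
		grep -qxF -- "${entry}" "${conf}" || echo "${entry}" >>"${conf}"
	else
		false
	fi
	Result "Config OpenFiles"
}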
# Defined System Startup Services Functions
function AutoStart(){
        # Switch off every service that is enabled at runlevel 3 unless its
        # name matches the keep-list below.
        # NOTE(review): the keep-list names no firewall or audit service, so
        # those are switched off as well if they were enabled - confirm that
        # this is intended before relying on the host's own packet filter.
        local keep='crond|network|rsyslog|sshd|sysstat'
        local enabled service
        enabled=$(chkconfig --list | awk '/3:on/{print $1}' | grep -vE "${keep}")
        # Unquoted on purpose: one service name per whitespace-separated word.
        for service in ${enabled}
        do
           chkconfig $service off
        done
         Result "AutoStart config"
}
# Defined Time Synchronization Functions
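function Time(){
        # Install a root cron job that syncs the clock every five minutes.
        # The job is appended only when it is missing, so re-running the
        # script does not stack duplicate entries.
        # NOTE(review): the spool file is written directly rather than through
        # crontab(1), and the ntpdate call uses no authentication key, so the
        # clock follows whatever answers for the configured time server.
        local cron_file="/var/spool/cron/root"
        local job='*/5 * * * * /usr/sbin/ntpdate time1.aliyun.com &>/dev/null'
        if ! grep -qF -- "${job}" "${cron_file}" 2>/dev/null; then
                echo "#time sync at $(date +%F)" >>"${cron_file}" \
                        && echo "${job}" >>"${cron_file}"
        fi
        Result "Time Synchronization"
}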
#define SSH service
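function Ssh(){
	# Harden sshd_config: move the listener to port 23522 and disable empty
	# passwords, direct root login and reverse-DNS lookups. A dated copy of
	# the file is kept first.
	#
	# Each directive is rewritten whether it is still the commented-out
	# default or already active with another value. Matching only the
	# commented form would silently skip a host where, for example,
	# PermitRootLogin has already been set explicitly.
	#
	# NOTE(review): sshd is not reloaded here, so the change applies at its
	# next restart. Before that happens make sure the new port is reachable
	# (firewall, and the SELinux ssh_port_t label if enforcing) and that a
	# non-root account can log in, otherwise remote access is lost.
	local conf="/etc/ssh/sshd_config"
	local setting key rc=0

	\cp "${conf}" "${conf}.$(date +%F)" || rc=1

	for setting in "Port 23522" "PermitEmptyPasswords no" "PermitRootLogin no" "UseDNS no"; do
		key=${setting%% *}
		if grep -q "^${key}[[:space:]]" "${conf}"; then
			# An active line wins over the commented default; rewrite that.
			sed -i "s/^${key}[[:space:]].*\$/${setting}/" "${conf}"
		else
			sed -i "s/^#${key}[[:space:]].*\$/${setting}/" "${conf}"
		fi
		# sed exits 0 even when nothing matched, so confirm the result.
		if ! grep -q "^${setting}\$" "${conf}"; then
			echo "Ssh: '${setting}' could not be applied to ${conf}" >&2
			rc=1
		fi
	done

	[ "${rc}" -eq 0 ]
	Result "Config SSH"
}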
#create common user
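function CreateUser(){
	# Remove unused stock accounts and groups, create the "admin" login
	# (uid/gid 1010), give it a password and grant it full sudo.
	# Returns: 1 when /etc/sudoers does not validate afterwards.
	local account
	local user=admin
	local group=admin
	# Password field of an account that has no password set yet.
	local unset_marker='!!'
	# NOTE(security): this is a fixed password hash baked into the script, so
	# every host built from it shares one credential that also unlocks full
	# sudo, and the hash can be attacked offline by anyone who can read the
	# script. Supply a per-host hash from a protected source at provisioning
	# time and require a password change at first login.
	local pw_hash='$6$mvLkrJbn.KQCw.Ev$KjLKoHjWoqG1mmDdMd73MiCIe4Z8lDK42n.rHLLLYkoINqaXUJzkGGJFzvXp8.JdTaEPjXY1NZIIj4tw8WQn80'
	local sudo_rule="$user    ALL=(ALL)       ALL"

	#Delete unnecessary users and groups, skipping ones that are already gone
	for account in adm lp sync shutdown halt uucp games operator gopher ftp; do
		id "${account}" &>/dev/null && userdel "${account}"
	done
	for account in adm lp uucp games; do
		getent group "${account}" >/dev/null && groupdel "${account}"
	done

	#create common user admin
	if ! id "$user" &>/dev/null;then
		groupadd -g 1010 "$group"
		useradd -g "$group" -u 1010 "$user"
	fi

	# Anchor on the account name so that only ${user}'s entry is touched, and
	# only while its password field is still the unset marker. Addressing
	# lines by a loose substring would rewrite unrelated accounts and leave
	# ${user} without a password.
	sed -i "s@^${user}:${unset_marker}:@${user}:${pw_hash}:@" /etc/shadow

	# Add the sudo rule once, then let visudo check the file: a syntax error
	# in /etc/sudoers disables sudo for everyone.
	if ! grep -qxF -- "${sudo_rule}" /etc/sudoers; then
		echo "${sudo_rule}" >>/etc/sudoers
	fi
	if ! visudo -cf /etc/sudoers >/dev/null; then
		echo "CreateUser: /etc/sudoers failed validation, fix it before logging out" >&2
		return 1
	fi
}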
#use chattr 
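function Chattr(){
	# Mark the account databases, inittab and a few diagnostic binaries
	# immutable (+i) and the auth/system logs append-only (+a).
	# Returns: non-zero if chattr is missing or any flag could not be set.
	#
	# chattr is invoked under its own name. Moving it to /usr/bin/test
	# overwrites the coreutils test binary, and the rename does not stop a
	# root user, who can bring another copy of the tool.
	#
	# NOTE(review): while +i is set, useradd/passwd and package scriptlets
	# that create accounts fail, and +a logs cannot be rotated, until the
	# flag is cleared again with chattr -i / -a.
	local path rc=0
	local -a immutable=(/etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab /bin/ps /usr/bin/top /bin/netstat /usr/bin/md5sum)
	# The system log is /var/log/messages (plural).
	local -a append_only=(/var/log/secure /var/log/messages)

	if ! command -v chattr >/dev/null 2>&1; then
		echo "Chattr: chattr not found in PATH" >&2
		return 1
	fi

	for path in "${immutable[@]}"; do
		[ -e "${path}" ] || continue
		chattr +i "${path}" || rc=1
	done
	for path in "${append_only[@]}"; do
		[ -e "${path}" ] || continue
		chattr +a "${path}" || rc=1
	done
	return "${rc}"
}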
#sysctl
function Sysctl(){
	# Replace /etc/sysctl.conf with the tuning set below and load it. A dated
	# copy of the previous file is kept next to it.
	# NOTE(review): the file is overwritten, not merged, so any setting that
	# was in the previous file and is not listed here is no longer applied at
	# boot. tcp_tw_recycle is known to drop connections from clients behind
	# NAT and relies on TCP timestamps, which this same file turns off.
	local conf="/etc/sysctl.conf"
	\cp "${conf}" "${conf}.ori_$(date +%F)"
	cat >"${conf}" <<EOF
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 10240 65000
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_fin_timeout = 120
net.ipv4.tcp_keepalive_time = 120
#kernel: TCP: time wait bucket table overflow
net.ipv4.tcp_max_tw_buckets = 30000
EOF
	sysctl -p
}
#install zabbix agent
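function Install_zabbix_agent(){
	# Register the Zabbix 3.4 repository (zabbix-release package) and install
	# the agent and sender from it.
	# Returns: 1 if the release package cannot be installed, otherwise the
	# status of the yum install.
	#
	# NOTE(security): the release RPM is fetched over plain HTTP and nothing
	# here verifies its signature or checksum beforehand, although it is the
	# package that normally ships the repository definition and signing key.
	# Fetch it over HTTPS or check it against a pinned checksum first.
	local release_rpm="http://repo.zabbix.com/zabbix/3.4/rhel/6/x86_64/zabbix-release-3.4-1.el6.noarch.rpm"
	local rc

	# rpm -i fails when the package is already present; skip it on re-runs.
	if ! rpm -q zabbix-release &>/dev/null; then
		rpm -i "${release_rpm}" || { Result "Install zabbix repo"; return 1; }
	fi

	yum -y install zabbix-agent zabbix-sender
	rc=$?
	# Result reads $? of the command right before it.
	[ "${rc}" -eq 0 ]
	Result "Install zabbix agent"
	return "${rc}"
}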

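function main(){
	# Run every provisioning step in order.
	# Chattr goes last: once it has made /etc/passwd, /etc/shadow, /etc/group
	# and /etc/gshadow immutable, later steps can no longer add users or
	# groups, and package installs commonly create a service account.
	DefineIP
	Yum
	HideVersion
	Openfiles
	AutoStart
	Time
	Ssh
	CreateUser
	Sysctl
	Install_zabbix_agent
	Chattr
}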
# Entry point: run the provisioning steps listed in main().
main

